oracle 10g admin workshops pptless 11

8/9/2019 Oracle 10g Admin workshops PPTLess 11

1/50

Copyright 2004, Oracle. All rights reserved.

Oracle Database Security


2/50

11-2 Copyright 2004, Oracle. All rights reserved.

Objectives

After completing this lesson you should be able to do

the following:

Apply the principal of least privilege

Manage default user accounts

Implement standard password security features

Audit database activity


3/50


Database Security

A secure system ensures the confidentiality of the

data it contains. There are several aspects of security:

Restricting access to data and services

Authenticating users

Monitoring for suspicious activity


4/50


Database Security

Full Notes Page


5/50


Apply the Principle of Least Privilege

Protect the data dictionary

Revoke unnecessary privileges from PUBLIC

Restrict the directories accessible by users

Limit users with administrative privileges

Restrict remote database authentication


6/50


Protect the Data Dictionary

Protect the data dictionary by ensuring thefollowing initialization parameter is set to FALSE:

This configuration prevents users withANY TABLEsystem privileges from accessing data dictionary

base tables.

A FALSE setting also prevents userSYS fromlogging in as anything other than

SY

SDBA

The default value of this parameter is FALSE. Ifyou find it set to TRUE, ensure there is a good

business reason.

O7_DICTIONARY_ACCESSIBILITY = FALSE


7/50


Revoke Unnecessary Privilegesfrom PUBLIC

Revoke all unnecessary privileges and roles fromthe database server user group PUBLIC.

Many built-in packages grant EXECUTE to PUBLIC.

Execute on the following packages should usuallybe revoked from PUBLIC:

UTL_SMTP

UTL_TCP

UTL_HTTP

UTL_FILE DBMS_OBFUSCATION_TOOLKIT

Example:

SQL> REVOKE execute ON utl_file FROMPUBLIC;


8/50


Revoke Unnecessary Privileges fromPUBLIC - Full Notes Page


9/50


Restrict the Operating System

Directories Accessible by the User

The UTL_FILE_DIRconfiguration parameter:

Designates which directories are available for

PL/SQL file I/O

Enables database users to read or write from thelisted directories on the database server


10/50


Limit Users with Administrative Privileges

Restrict the following types of privileges:

Grants of system and object privileges

SYS-privileged connections: SYSDBAand SYSOPER

DBA-type privileges, such as DROP ANY TABLE

Run-time permissions

Example: List all users with the DBArole:

SQL>SELECT grantee FROM dba_role_privs

2 WHERE granted_role = 'DBA';GRANTEE------------------------------SYSSYSTEM


11/50


Disable Remote Operating

System Authentication

Remote authentications should be used only when

you trust all clients to appropriately authenticate

users.

Remote authentication process: The database user is authenticated externally.

The remote system authenticates the user.

The user logs on to the database without further

authentication.

To disable, ensure that the following instanceinitialization parameter is at its default setting:

REMOTE_OS_AUTHENT = FALSE


12/50


Manage Default User Accounts

DBCA expires and

locks all accounts,

except:

SYS

SYSTEM

SYSMAN

DBSNMP

For a manually

created database,lock and expire any

unused accounts.


13/50


User

Password expiration

and aging

Password

verification

Setting up

profiles

Implement Standard Password

Security Features

Passwordhistory Accountlocking


14/50


Password Account Locking

Parameter Description

FAILED_LOGIN_ATTEMPTS Number of failed login attemptsbefore lockout of the account

PASSWORD_LOCK_TIME Number of days the account islocked after the specified number

of failed login attempts


15/50


Password Expiration and Aging


PASSWORD_LIFE_TIME Lifetime of the password in daysafter which the password expires

PASSWORD_GRACE_TIME Grace period in days for changingthe password after the first

successful login after the

password has expired


16/50


Password History


PASSWORD_REUSE_TIME Number of days before a passwordcan be reused

PASSWORD_REUSE_MAX Number of password changesrequired before the current

password can be reused


17/50


Password Verification

Password verification functions must:

Be owned by the SYS user

Return a Boolean value (true or false)


PASSWORD_VERIFY_FUNCTION

A PL/SQL function that makes a

password complexity check before

a password is assigned


18/50


Supplied Password Verification Function:VERIFY_FUNCTION

The supplied password verification function enforces

password restrictions where the:

Minimum length is four characters

Password cannot be equal to username Password must have at least one alphabetic, one

numeric, and one special character

Password must differ from the previous password

by at least three letters


19/50


Creating a Password Profile


20/50


Assigning Users to a Password Profile


21/50


Monitoring for Suspicious Activity

Monitoring or auditing should be an integral part of

your security procedures.

Oracles built-in audit tools include:

Database auditing Value-based auditing

Fine-grained auditing (FGA)


22/50


Audit Tool Comparisons

Type of Audit What Is Audited? What Is in the

Audit Trail?

Standard database

auditing

Privilege use including

object access

Fixed set of data

Value-based

auditing

Data changed by DML

statements

Administrator

defined

Fine-grained

auditing (FGA)

SQL statements (insert,

update, delete, and

select) based on content

Fixed set of data

including the

SQL statement


23/50


Standard Database Auditing

Enabled through theAUDIT_TRAIL parameter

NONE: Disables collection of audit records

DB: Enables auditing with records stored in the

database OS: Enables auditing with records stored in the

operating system audit trail

Can audit:

Login events Exercise of system privileges

Exercise of object privileges

Use of SQL statements


24/50


Specifying Audit Options

SQL statement auditing

System privilege auditing (nonfocused and

focused)

Object privilege auditing (nonfocused and

focused)

Session auditing

AUDIT select any table, create any trigger;

AUDIT select any table BY hr BY SESSION;

AUDIT table;

AUDIT ALL on hr.employees;

AUDIT UPDATE,DELETE on hr.employeesBY ACCESS;

AUDIT session whenever not successful;


25/50


Specifying Audit Options

Full Notes Page


26/50


Data Dictionary View

ALL_DEF_AUDIT_OPTS

DBA_STMT_AUDIT_OPTS

DBA_PRIV_AUDIT_OPTS

DBA_OBJ_AUDIT_OPTS

Description

Default audit options

Statement auditing options

Privilege auditing options

Schema object auditing options

Viewing Auditing Options


27/50


Audit

trail

Parameter

file

Specify audit options

Generate

audit trail

Review audit information

Standard Database Auditing

DBA User

Enable database

auditing

executes

command

Database

OS audit

trail

Audit

options

Server

process


28/50


Audit Trail View

DBA_AUDIT_TRAIL

DBA_AUDIT_EXISTS

DBA_AUDIT_OBJECT

DBA_AUDIT_SESSION

DBA_AUDIT_STATEMENT

Description

All audit trail entries

Records for AUDIT EXISTS/NOTEXISTS

Records concerning schema objects

All connect and disconnect entries

Statement auditing records

Viewing Auditing Results


29/50


Value-Based Auditing

Users change

is made

Trigger fires Audit record iscreated by trigger

And inserted into

an audit trail table

User makeschange


30/50


Value-Based Auditing

Full Notes Page


31/50


Fine-Grained Auditing (FGA)

Monitors data access based on content

Audits SELECT orINSERT,UPDATE,DELETE

Can be linked to a table or view

May fire a procedure

Is administered with the DBMS_FGApackage

employees

Policy:AUDIT_EMPS_SALARY

SELECT name, salaryFROM employeesWHERE

department_id = 10;


32/50


FGA Policy

dbms_fga.add_policy (object_schema => 'hr',object_name => 'employees',policy_name => 'audit_emps_salary',audit_condition=> 'dept_id=10',audit_column => 'salary',handler_schema => 'secure',

handler_module => 'log_emps_salary',enable => TRUE,statement_types=> 'select' );

SELECT name, job_id

FROM employees;

SELECT name, salaryFROM employees

WHEREdepartment_id = 10;

SECURE.LOG_EMPS_SALARY

employees

Defines:

Audit criteria

Audit action

Is created withDBMS_FGA.ADD_POLICY


33/50


FGA Policy

dbms_fga.add_policy (object_schema => 'hr',object_name => 'employees',policy_name => 'audit_emps_salary',audit_condition=> 'department_id = 10',

audit_column => 'salary',

handler_schema => 'secure',handler_module => 'log_emps_salary',enable => TRUE );

SELECT name, salary

FROM employees;

SELECT name, salaryFROM employees

WHEREdepartment_id = 10;

SECURE.LOG_

EMPS_SALARY

employees

Defines

Audit criteria

Audit action

Is created withDBMS_FGA.ADD_POLICY


34/50


DBMS_FGAPackage

Use DBMS_FGAto maintain FGA policies

Grant the execute privilege only to administrators

Includes the following subprograms:

Subprogram Description

ADD_POLICY Creates an audit policy using thesupplied predicate as the audit condition

DROP_POLICY Drops an audit policy

ENABLE_POLICY Enables an audit policy

DISABLE_POLICY Disables an audit policy


35/50


Enabling and Disabling an FGA Policy

Enable a policy:

Disable a policy:

dbms_fga.enable_policy (object_schema => 'hr',

object_name => 'employees',policy_name => 'audit_emps_salary' );

dbms_fga.disable_policy (

object_schema => 'hr',object_name => 'employees',policy_name => 'audit_emps_salary' );


36/50


Dropping an FGA Policy

SQL>EXEC dbms_fga.drop_policy ( -> object_schema => 'hr', -

> object_name => 'employees', -> policy_name => 'audit_emps_salary');

PL/SQLprocedure successfully completed.

SQL>


37/50


Triggering Audit Events

The following SQL statements cause an audit:

The following statement does notcause an audit:

SELECT count(*)FROM hr.employees

WHERE department_id = 10ANDsalary >v_salary;

SELECT salaryFROM hr.employees;

SELECT last_nameFROM hr.employees

WHERE department_id = 10;


38/50


Data Dictionary Views

View Name Description

DBA_FGA_AUDIT_TRAIL All FGA events

ALL_AUDIT_POLICIES All FGA policies for objects the

current user can accessDBA_AUDIT_POLICIES All FGA policies in the database

USER_AUDIT_POLICIES All FGA policies for objects in thecurrent user schema


39/50


DBA_FGA_AUDIT_TRAIL

SQL>SELECT to_char(timestamp, 'YYMMDDHH24MI')2 AS timestamp,3 db_user,4 policy_name,5 sql_bind,6 sql_text7 FROM dba_fga_audit_trail;

TIMESTAMP DB_USERPOLICY_NAME SQL_BIND---------- ------- ----------------- ----------SQL_TEXT-----------------------------------------------0201221740 SYSTEM AUDIT_EMPS_SALARY #1(4):1000SELECT count(*)

FROM hr.employeesWHERE department_id = 10ANDsalary >:b1


40/50


DBA_FGA_AUDIT_TRAIL

SQL>SELECT to_char(timestamp, 'YYMMDDHH24MI')2 AS timestamp,3 db_user,4 policy_name,5 sql_bind,6 sql_text7 FROM dba_fga_audit_trail;

TIMESTAMP DB_USERPOLICY_NAME SQL_BIND---------- ------- ----------------- ----------SQL_TEXT-----------------------------------------------0201221740 SYSTEM AUDIT_EMPS_SALARY #1(4):1000SELECT count(*)

FROM hr.employeesWHERE department_id = 10ANDsalary >:b1


41/50


FGA Guidelines

To audit all statements, use a null condition.

If you try to add a policy that already exists, error

ORA-28101 is raised.

The audited table or view must already exist whenyou create the policy.

If the audit condition syntax is invalid, an ORA-

28112 is raised when the audited object is

accessed.

If the audit column does not exist in the table, no

rows are audited.

If the event handler does not exist, no error is

returned and the audit records is still created.


42/50


FGA Guidelines

Full Notes Page


43/50


Auditing SYSDBAand SYSOPERUsers

Users with SYSDBAorSYSOPERprivileges can beconnecting with the database closed.

Audit trail must be stored outside of the database.

Connect as SYSDBAorSYSOPERis always audited. Enable additional auditing ofSYSDBAorSYSOPER

actions with audit_sys_operations.

Control audit trail with audit_file_dest. Default

is:

$ORACLE_HOME/rdbms/audit (UNIX/Linux)

Windows Event Log (Windows)


44/50


Security Updates

Oracle posts security alerts on the Oracle

Technology Network Web site at:

http://otn.oracle.com/deploy/security/alerts.htm

Oracle database administrators and developerscan also subscribe to be notified about critical

security alerts via e-mail by clicking the

Subscribe to Security Alerts Here link.


45/50


Summary

In this lesson you should have learned how to:

Apply the principal of least privilege

Manage default user accounts

Implement standard password security features Audit database activity


46/50


Practice 11-1 Overview:

Database Security (Part 1)

Tasks:

Prevent the use of simple passwords

Force accounts to lock for 10 minutes after four

failed login attempts Exempt the application server login from forced

password changes

Audit unsuccessful attempts to connect to the

database


47/50


Practice Lesson 11 (Part 1)

Full Notes Page


48/50


Practice Lesson 11 (Part 1) (continued)

Full Notes Page


49/50


Practice 11-2 Overview:

Database Security (Part 2)

Tasks:

Audit select on the SALARY column of theEMPLOYEES table

Audit changes to the SALARY column of theEMPLOYEES table, capture:

Old value

New value

User who made the change

What location the change was made from


50/50

Practice Lesson 11 (Part 2)

Full Notes Page

oracle 10g admin workshops pptless 11

Documents